Adding Perfect Forward Secrecy to OpenVPN

By davidgo | April 12, 2014 |

Perfect Forward Secrecy is a methodology applied to encryption to frustrate the decoding of traffic captured and stored prior to the discovery of the secret key by an adverse party. This is done by generating a new random key every time data is transmitted. Enabling this in OpenVPN is quite easy, but does not appear to be well documented. The steps to do this are:

Create a common private key, e.g.

    openvpn --genkey --secret /path/to/store/pfs.key

Securely distribute this key to each OpenVPN client, then add the following to the server:

    tls-server
    tls-auth /path/to/store/pfs.key 0

and this to each client:

    tls-client
    tls-auth /path/to/store/pfs.key 1

It is also possible to embed the tls-auth certificate in the configuration file…

Fail2Ban and Brute-Force Password attacks on WordPress

By davidgo | October 24, 2013 |

I maintain a server hosting a fair number of WordPress blogs and I get inundated with brute-force password attempts. In order to minimize the likelihood of success of an attack, I have taken to limiting the number of login attempts. I’ve customised some Fail2Ban rules to provide “overriding” lockout of accounts. The code certainly has its limitations – for example it will – without warning – temporarily lock out people who have forgotten their passwords, however for the most part it works pretty well. One of the things I’ve noticed recently is that some attempts are persistent – they will continue to try to log in even when null-routed, and for long periods of time. I’ve thus written…

Review of the Domain DM-DV703USB 2 DIN video/mp3/cd car stereo

By davidgo | August 11, 2013 |

My Toyota VITZ 2004 came with a “Japanese Only” Stereo, which included a reverse camera. To get the reverse camera working, in addition to some wiring tweaks (See my post on “Original Toyota Reverse Light Camera on 2004 Vitz/Echo with an aftermarket stereo“). As I can’t call myself an audiophile, and I can be tight-fisted (who wants to spend 1/10th of a run-around vehicle’s value on expensive stereo equipment – especially when it spends time in a “not-that-good” neighbourhood), I decided to purchase a budget stereo off Trademe. I picked up a Domain 7″ DVD/CD/USB/SD receiver, model DM-DV703USB from Sound Tech for around $200 (you can get a similar one from Jonvy), and tried to install it.…

Original Toyota Reverse Light Camera on 2004 Vitz/Echo with an aftermarket stereo.

By davidgo | July 9, 2013 |

I recently got a 2004 Vitz with some cool factory upgrade. (Most of the world has the Vitz under the “Echo” brand, the Vitz means it’s imported from Japan) Coming from Japan, it came with a factory new stereo system which only worked in Japanese, did not play MP3’s and committed Seppuku when unplugged from the battery. (While this is a post about replacing the stereo, a quick note – Toyota New Zealand are absolute bastards, and I won’t do business with them. They would not even tell me the part number or frequency of the remote the car uses – because they correctly knew I would pick up an aftermarket one for a fraction of the…

Getting UDEV and Touchpad to play together

By davidgo | January 19, 2013 |

One of the downsides of the HP Folio 13 is that the built in touchpad sucks – at least under Linux. While there are some tweaks that can be done to make it “less bad”, the experience is never better than “OK in a pinch, but only just”. One of the particularly irritating things is the sensitivity – quite frequently I brush the touchpad while typing, which moves the cursor. I have finally found a workable solution – leave the touchpad disabled when a mouse is plugged in, and enable when the mouse is removed. Although conceptually simple, the devil proved to be in the details with getting UDEV to “play nice” with my mouse. I…

HP Folio WPA2 Wifi on Ubuntu 12.04

By davidgo | December 14, 2012 |

The HP Folio comes with a Broadcom BCM4313 802.11n Wifi module. Getting this to work with WPA2 proved a struggle, and I had just-about given up and ordered a USB WIFI stick to get things working. Luckily things started working with the BCM4313 card. In the end, I’m not sure “what did it” that fixed it, but it now works. This documents my knowledge and outcome. Broadcom Drivers There are, it seems, 3 Broadcom drivers. The NDISWrapper (b43/b43legacy) does not work with the BCM4313 (but is apparently a work in progress) The brcmsmac appears as wlan0 if that driver is used. The wl driver appears as eth1, and this is the driver which eventually worked. I think…

DRBD for SSD+USB

By davidgo | September 30, 2012 |

Summary: DRBD provides a nifty way of allowing a “RAID when available” setup, which offers more flexibility than MDADM. When in “RAID” mode, DRBD performs about 10% slower than MDADM, but provides near SSD performance when DRBD is not mirroring. Importantly you don’t need to have the USB drive connected all the time, so it’s great if you want to grab your laptop and have it mirror to your USB disk when you get back to base. The Project I have an HP Folio Laptop with 128 gig Samsung MZPA128 SSD drive built in, and a 2.5″ spinning disk connected to my PC over USB3 when at home – running Ubuntu. My research on SSD drives leads…

On-Demand RAID for Laptop with SSD and USB Disk

By davidgo | September 30, 2012 |

Summary: DRBD provides a nifty way of allowing a “RAID when available” setup, which offers more flexibility than MDADM. When in “RAID” mode, DRBD performs about 10% slower than MDADM, but provides near SSD performance when DRBD is not mirroring. Importantly you don’t need to have the USB drive connected all the time, so it’s great if you want to grab your laptop and have it mirror to your USB disk when you get back to base. The Project I have an HP Folio Laptop with 128 gig Samsung MZPA128 SSD drive built in, and a 2.5″ spinning disk connected to my PC over USB3 when at home – running Ubuntu. My research on SSD drives leads…

Linux and Samsung CLX-3185FN

By davidgo | September 2, 2012 |

I recently acquired a Samsung CLX-3185FN colour laser MFC. Although the device claims to work with Linux, it is a bit of a mixed bag. Below are my views and outcomes of lessons learned thus far. Background and Review FWIW I use Ubuntu 12.04 64-bit, and am only interested in connecting the device across a network. I am blown away by the speed and quality of the printer for black-and-white laser printing relative to my Brother Fax2820 [laser printer] and multi-page scanning relative to my HP Officejet 6500 [scanner, theoretical occasional color printing which never worked because cartridges dried up]. For black-and-white scanning to email this device outperforms the OKI MB470 I use at…

DB logging With Postfix + Postgresql

By davidgo | June 29, 2012 |

Summarised database logging using Postfix and Postgresql I recently created a set-up for iPayroll Ltd to push Postfix log files in a summarized form into a PostgreSQL database, and they generously agreed – and paid me for my time – to share this howto. Although there was a fair amount of information on a basic setup, all the information I found online fell short of what I wanted to do, which was create a relatively simple table including the from address, to address and status of the message at various stages, without the need to manually patch together what happened based on the message ID. Using http://185iq.blogspot.co.nz/2010/05/postfix-rsyslog.html as a starting point, this is the solution I came…
